All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
[MXroute] Email Hosting - I got mad
The TL;DR version:
I was mxroute client for 1.5 years and liked them very much. But today i got really mad because of their "service"
Background
I use their service only as relay-router between my servers and my gmail-accounts. There were more than 10 boxes that worked like i need with no problems before this case. But some days ago I got a couple of vps from greencloud and setup them to send mails
The story
My mail from new vps were rejected by mxroute.com because my IP is "blacklisted at bl.mxrbl.com". I'm not a spammer so i went to mxrbl.com, found out that ip is blocked because "AS7552 is a spam network" and my IP is in another ASN by fact.
So I kindly asked mxrbl.com to remove my address from their blacklist because their database is out of date. And instead of unblocking... I got a requirement at least to open my 25 port to public and set rDNS.
Ok... mxrbl.com has a old school design, so i assumed its admin is an angry 70-years old admin from 1990s.
So I kindly asked mxroute.com support to add my IP to their white list to bypass a blacklist. And instead of unblocking... I was told that it's my problem and "You need to respond to MXRBL directly. We cannot help you here"
Of course I became a little angry, but I was pissed out after a small research. Because I decided to find out what this f.ng MXRBL is.
The facts that got me mad
- mxroute's support is talking about mxrbl in the 3rd face like about other people and forwarding clients between mxroute and mxrbl back and forth
- But mxrbl.com and mxroute.com are the same people in fact. Their sites are hosted on the same IP 207.32.217.219 without rDNS. But for some reason mxrbl-mxroute require rDNS from others
- mxroute-mxrbl requires from clients to open port 25 on their hosts but in fact it is insecure without the need
- My vps is not in ASN that is listed in mxrbl's database. mxroute-mxrbl knows about this and not going to fix this
- Instead of keeping their blacklist's database up to date and fixing it on request they fool people
- In the end my problem is still not solved. I don't want to open port 25 and don't want to setup rDNS because I don't need that. My only need is to send my own messages between my vps and my mailbox on mxroute.com without dancing with a tambourine like it is with my other VPSs
Comments
Why is opening port 25 insecure if you use authentication? Also, matching rDNS has been a fairly common factor in spam ranking for some time.
I don't know what you faced as i am not using their services(at least as of now) but if they are running the black list then i am pretty sure they only blocked the IP range after witnessing the SPAM. Well they are a full featured email host and not your traditional SMTP relay so can't blame them for something they aren't providing as is, if you only need a mail relay then get a service that does that without any questions asked i.e. Amazon SES. Finally @jar some insights please, Would love to know the whole ordeal.
Edit: Not mention the requirements were pretty simple and usually done beforehand, i usually have rdns for all of my servers and opening port 25 is not any security issue as long as you don't support any un-authenticated traffic, you can close it down after getting the bl lift.
Not a problem at all. Happy to refund your invoice and part ways. If you'll be happier elsewhere, and I'll be happier with you elsewhere, that sounds like a win-win to me.
I keep MXRBL stuff separate, it's own ticket system and all that jazz. Since I'm not the only one on MXroute support, any request made there for a blacklist removal is redirected to the MXRBL ticket system. May seem crazy to a user, I get it, but my workflows help me and I'm not ashamed to ask for what I need to keep my stuff organized in the way that best works for me.
The user submitted an MXRBL removal request for an IP that is in a network which is very, very much more likely to send spam than ham. The IP had no reverse DNS and no listening mail server. So not a production mail server. So removal request denied. I don't place blind trust in IPs from spammy networks, I need to see some actual effort and intent to run a mail server. Because this isn't just a removal request on a spam-first network, it's a whitelist request.
Hmm sounds just like how the microsoft BL works, You need rdns, mail server before you can even write to microsoft about the BL removal. So we can say the MXRBL is indeed owned by MXRoute but under different Team that manages it. The above sums it up, always use a mail relay for mail relay and a mailbox for mailbox, don't try to mix stuff and blame your provider if anything goes wrong. Or just be your own relay provider just spend $$$.
.
Honestly... I like how MXRBL handles it. I think this also makes a lot of sense. I get you might be pissed but I think what Jarland said is very reasonable and makes sense.
I can understand you're pissed, but also his rationale makes sense and at this point I'd rather put trust in that.
.. are we talking about MTA-MTA sending (relaying) of e-mails from that VPS to MXROUTE, or using MXROUTE for submitting e-mails (port 465/587).
If the former, then I think that @jar is right, as any well-behaved MTA should be, well, well-behaved
(and that includes rDNS at the very minimum).
If MSA then I'd say this is a bit extreme, as usually any authenticated client should be able to send e-mails, and most clients (e.g. desktop PCs) don't have the set-up that an MTA has.
I mean that is very sane and normal approach that different projects are run via different tickets and you don't mix those, isn't it?
Blacklist are funky, jar is funky too... so "his" blacklist gonna be extra funky and if you asked for whitelisting then don't be shocked he needed minimal efforts (rDNS)?
Take your refund, move things like this to more suited service for this - mailjet, sendgrid - (ab)use theirs free limits if those are only VPS e-mails like crons etc.
I'm sure he was sending an email from his server (using sendmail or whatnot) to his email hosted on MXRoute MTA-MTA.
If it was MSA, then it doesn't matter as, again, they should be authenticated and, therefore, trusted.
Jarlandino is lazzy af, but his infra get emails delivered. And doing that for peanuts. You either take it or just pack your bs and go. L.L.A.P jarland from USA.
I'd love to communicate just how much work goes into it every day that no one sees, but there's really no reason for anyone to care either.
Setting rDNS is pretty normal to get mail to play. Seems a bit odd to require an open port 25, but hopefully I'll never end up on their lists and need to fiddle about trying to get off again!
I wouldn't call jarland lazzy af.
There's a lot of overhead that goes into operating a business that isn't visible on the outside. Especially additional overhead once you start hiring people and coordinating with others. At this point his time is valued at a premium compared to others here.
And lets be honest. People also would like to spend time with their family. Raising a family is a job of its own that there's an entire industry of like 30 billion dollars for childcare just in the US.
It's not a hard requirement, but no PTR and nothing listening on port 25 collectively tells me "This isn't a mail server." So in my eyes, I see zero need for it to be whitelisted.
What @dusst could do is configure the server to login to a mail account on MXRoute and send email through that. You get the added benefit of making sure your server emails hit their intended destination and if it's actually abused then well... they know what kind of a client you are.
I don't see why you NEED to send an email directly from the server when you can just have it use MXRoute as a relay instead.
Lazzy people tend to automate almost everything possible. This leads to over automation and sometimes to misstakes.
Over automation? My experience is that removing humans from the loop typically results in a more consistent experience.
new facts by now
My account was suspended and for "negative value" so i need to add some "positive": they give me a time to move out till March 31 and I got back my ten bucks
. I'm even pleasantly surprised
And of course I'm not very glad as I need to spend some time to re-config. Anyway they required for me to re-config because it was not working.
Unfortunately I have some more accounts there via resellers that I also need to reconfig. But in these cases without pleasant refund =(
Also to be clear for clever words' (like MTA, MSA, MUA etc) lovers and for others...
My local postfix is only sending direct mails from local websites to clients and my team. It is not receiving, not relaying (there or back) via mxroute (or any other way) - ONLY DIRECT SENDING. Direct to gmail, hotmail etc. And my mails were sent to gmail, hotmail etc without any problems. And of course without rDNS
The only place were mails were rejected was mxroute because of its own blacklist. So only my team members whose accounts were placed on mxroute didn't get mails. So mxroute protected from my sites' "SPAM" only my team-members
Now you see the NEED.. Your account on mxroute can be suddenly closed
(joke). When there are fewer unnecessary links (you can't control, like mxroute intermediate servers, i don't even mean @jar but the servers) - more reliable is your system (not joke)
And some more words...
Are you ready to tell the same to all people who closes ports 21, 3306 etc (all of them use authentication).
You are correct: 'common factor' & 'some time' but not 'required'
Once again the fact is: my IP is not in SPAM-network now (or in another SPAM-network but not in the one shown on your site). In our times IPs are sold, rented and moved between networks. Hope you know about IPv4 shortage. BTW now I see why greencloud's support decided not to contact you. And I don't need extra trust I need a truth and service running like it has to
I know how it's fine for me. And it's clear that in case I didn't run mail server i wouldn't ask you about anything. "L" is for logic.
Unfortunately my joking poll was not created correctly by me and 'laziness' variant was not rendered, because I'm sure it's laziness and obstinacy and not a time-shortage.
Laziness - because I'm sure @jar spent much more time writing messages here than he needs to his list.
And obstinacy - because there were a lot of words but nothing about the fact that IP and ASN are linked incorrect on mxrbl.com (and nothing changed) and mxroute.com's IP is still running without rDNS
It looks like it's not our case =(
False. It was refunded and given a cancellation date of March 31. Lie all you want, not my problem anymore.
Aha, that's a true valid point. With one huge but: automation tools coded by humans and is prone to errors in non-standard situations.
@Jar
Side question: does your SMTP is BIMI enabled?
BIMI is done outside of the service, just a purely preference based thing you do in your own DNS. This is what I usually send people who are curious about it: https://blog.mailup.com/2020/10/how-to-authenticate-with-bimi/
i hope you are able to read all words, not only the first one
Ok. I don't get it. Why not contact Greencloud about the blacklisted IPs??
I asked Greencloud support very persistent about that. There is a ticket. But they refused, and i was wondering why.
But now i agree with Greencloud.
I don't get what the need is.
Just configure your server to use an account as a relay for outbound email. That's usually the operation recommendation from most people who run a website and it's why some hosts say that they use mail relays for outbound mail (e.g., BuyShared). Basically, have it use SMTP directly or configure sendmail to send via SMTP to an account on their infrastructure directly. You don't need to get your IP removed from the blacklist because you're not sending an email directly from your server IP. All of this could have been avoided. I mean sure you can say people could have been better at guiding you towards this solution but... it's an unmanaged service...
Idk man sorry to hear this is the result. But this post hasn't really given me anything of value to "move off of MXRoute".
I think MXRoute should make it more clear that they do outbound filtering in this particular manner. I think a very common use-case for a service like MXRoute is to send these kinds of emails from IP addresses that might be on spam lists.
MXRoute does have a page saying that they block certain networks, but it's very unclear here that they're doing outbound blocking as well as inbound.
Ideally, this kind of warning would happen before you purchase the service, to ensure that customers will actually be able to use the service.
I would like to point out that opening port 25 in this case is not always possible, especially if the service provider that is blacklisted refuses to do so. Thus, I think its unreasonable for @jar to ask for this in all cases.
Sure, "you were offered a refund" is a very good defense here, but that doesn't mean that the customer hasn't wasted time and effort in buying and attempting to troubleshoot the issues. Especially when it comes to something as trivial as "we ban these IP blocks, if you use these IP blocks, you'll have to do X, Y, Z". This seems like a very important warning to put before a customer orders a service.
It's not different. Inbound for us is outbound for someone else. RBLs are used to block inbound mail, which of course is outbound mail to the sender.
See my reply to that above:
The customer was refunded because the customer tried to use a forum to steal some of my time instead of simply setting up a mail server with the proper requirements that are necessary for a mail server, not the least of which is a valid and forward confirmed PTR record. The customer wasn't refunded because they found hidden requirements to use the service, setting up a proper mail server is not a hidden requirement of running a mail server.
Another consideration is that lots of people use things like nodemailer for outbound emails, meaning they wouldn't even have a mailserver operating because they simply do not need to. Also, rDNS isn't configurable on many cloud networks especially if you're using ephemeral IP addresses.
You haven't addressed my solution of simply warning users before they purchase (perhaps in bold font).
EDIT: jar edited his reply
Then. You. Don't. Send. Email. From. Those. Networks.
If you can't have forward confirmed reverse DNS, you need to be using an SMTP relay, not sending mail from your IP and telling everyone else it's their job to deal with your choice to run an improperly configured mail server.
No. I'm not going to warn users at signup that if they run their own mail servers independent of the mail service that I run, that they have to actually configure proper mail servers with proper configurations, and it's stupid of you to ask it of me.
Next you'll want me to warn them that they need a valid internet connection to check their mail...
@jar would you suggest setting up my own email server without any relay just for practice and learning? I can get a clean IP with a quality vps provider in the Netherlands. It will only be used by me and won't contain anything of value (in the beginning, might add more critical stuff when all goes well)